o RDiP>@sddlmZddlZddlZddlZddlZddlZddlZddlZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZdd lmZmZmZdd lmZmZdd lmZmZee Z!ed Z"Gd ddeZ#Gddde$Z%e GdddZ&d1ddZ'Gddde Z(Gddde$Z)Gddde)Z*Gdd d e)Z+Gd!d"d"e)Z,Gd#d$d$e)Z-Gd%d&d&e)Z.Gd'd(d(e)Z/Gd)d*d*e)Z0Gd+d,d,e(Z1Gd-d.d.e(Z2Gd/d0d0e(Z3dS)2) annotationsN)ABCabstractmethod) dataclass)Enum)Path)AnyTypeVar)IS_LINUXIS_MACOS IS_WINDOWS)FileLock FileLockError)installed_keyringkeyringTc@s eZdZdZdZdZdZdZdS) TokenTypeajTypes of credentials that can be cached to avoid repeated authentication. - ID_TOKEN: SSO identity token from external browser/Okta authentication - MFA_TOKEN: Multi-factor authentication token to skip MFA prompts - OAUTH_ACCESS_TOKEN: Short-lived OAuth access token - OAUTH_REFRESH_TOKEN: Long-lived OAuth token to obtain new access tokens ID_TOKEN MFA_TOKENOAUTH_ACCESS_TOKENOAUTH_REFRESH_TOKENN)__name__ __module__ __qualname____doc__rrrrrrX/var/www/Datamplify/venv/lib/python3.10/site-packages/snowflake/connector/token_cache.pyrs rc@ eZdZdS)_InvalidTokenKeyErrorNrrrrrrrr'rc@s:eZdZUded<ded<ded<d ddZd d d Zd S) TokenKeystruserhostr tokenTypereturncCsPt|jdkr tdt|jdkrtd|jd|jd|jjS)NrzInvalid key, host is emptyzInvalid key, user is empty:)lenr%rr$upperr&valueselfrrr string_key1s $zTokenKey.string_keycCs&t}||jdd|S)Nutf-8)encoding)hashlibsha256updater.encode hexdigest)r-mrrrhash_key8szTokenKey.hash_keyN)r'r#)rrr__annotations__r.r7rrrrr"+s  r"warningr#r'NonecCs t|td|tjddS)Nz Warning: )file)loggerr9printsysstderr)r9rrr_warn>s r@c@sJeZdZdZeddddZedd dZedddZedddZ dS) TokenCacheaSecure storage for authentication credentials to avoid repeated login prompts. Platform-specific implementations: - macOS/Windows: Uses OS keyring (Keychain/Credential Manager) via 'keyring' library - Linux: Uses encrypted JSON file in ~/.cache/snowflake/ with 0o600 permissions - Fallback: NoopTokenCache (no caching) if secure storage unavailable Tokens are keyed by (host, user, token_type) to support multiple accounts. Fskip_file_permissions_checkboolr'cCsHtstrts tdtStStr"t|}|r|StdtSdS)Na.Dependency 'keyring' is not installed, cannot cache id token. You might experience multiple authentication pop ups while using ExternalBrowser/OAuth/MFA Authenticator. To avoid this please install keyring module using the following command: pip install snowflake-connector-python[secure-local-storage]zFailed to initialize file based token cache. You might experience multiple authentication pop ups while using ExternalBrowser/OAuth/MFA Authenticator.) r r rr@NoopTokenCacheKeyringTokenCacher FileTokenCachemake)rBcacherrrrGNs  zTokenCache.makekeyr"tokenr#r:cCdSNrr-rIrJrrrstorefzTokenCache.store str | NonecCrKrLrr-rIrrrretrievejrOzTokenCache.retrievecCrKrLrrQrrrremovenrOzTokenCache.removeNF)rBrCr'rArIr"rJr#r'r:rIr"r'rPrIr"r'r:) rrrr staticmethodrGrrNrRrSrrrrrACs   rAc@r)_FileTokenCacheErrorNr rrrrrYsr!rYc@r)_OwnershipErrorNr rrrrrZwr!rZc@r)_PermissionsTooWideErrorNr rrrrr[{r!r[c@r)_CacheDirNotFoundErrorNr rrrrr\r!r\c@r)_InvalidCacheDirErrorNr rrrrr]r!r]c@r)_MalformedCacheFileErrorNr rrrrr^r!r^c@r)_CacheFileReadErrorNr rrrrr_r!r_c@r)_CacheFileWriteErrorNr rrrrr`r!r`c@seZdZdZed/d0ddZ d/d1d d Zd2ddZd3ddZd4ddZ d5ddZ d5ddZ d6ddZ d7d"d#Z ed/d8d%d&Ze d/d9d'd(Zd:d,d-Zd.S);rFaLinux implementation: stores tokens in JSON file with strict security. Cache location (in priority order): 1. $SF_TEMPORARY_CREDENTIAL_CACHE_DIR/credential_cache_v1.json 2. $XDG_CACHE_HOME/snowflake/credential_cache_v1.json 3. $HOME/.cache/snowflake/credential_cache_v1.json Security: File must have 0o600 permissions and be owned by current user. Uses file locks to prevent concurrent access corruption. FrBrCr'FileTokenCache | NonecCs2t|}|durttddSt||dS)NzfFailed to find suitable cache directory for token cache. File based token cache initialization failed.rB)rFfind_cache_dirlogging getLoggerrdebug)rB cache_dirrrrrGs  zFileTokenCache.makergrr:cCstt|_||_||_dSrL)rdrerr<rg_skip_file_permissions_check)r-rgrBrrr__init__s  zFileTokenCache.__init__rIr"rJr#c Csz4t|j|jt||}||d|<||WdWdS1s-wYWdSt yP}z|j d|WYd}~dSd}~wt yk}z|j d|WYd}~dSd}~wt y}z|j d|WYd}~dSd}~ww)NtokenszFailed to store token: e=Unable to lock file lock: e=Failed to produce token key e=)rFvalidate_cache_dirrgrhr lock_file_read_cache_filer7_write_cache_filerYr<errorrr)r-rIrJrHerrrrNs& &   zFileTokenCache.storerPc Cs(zAt|j|jt|(|}|d|d}t |t r-|WdWS WdWdS1s:wYWdSt y]}z|j d|WYd}~dSd}~wtyx}z|j d|WYd}~dSd}~wty}z|j d|WYd}~dSd}~ww)NrjzFailed to retrieve token: e=rkrl)rFrmrgrhrrnrogetr7 isinstancer#rYr<rqrr)r-rIrHrJrrrrrrRs2 (zFileTokenCache.retrievec Csz6t|j|jt||}|d|d| |WdWdS1s/wYWdSt yR}z|j d|WYd}~dSd}~wt ym}z|j d|WYd}~dSd}~wty}z|j d|WYd}~dSd}~ww)NrjzFailed to remove token: e=rkrl)rFrmrgrhrrnropopr7rprYr<rqrr)r-rIrHrrrrrrSs& &   zFileTokenCache.removecC |jdS)Nzcredential_cache_v1.jsonrgr,rrr cache_file zFileTokenCache.cache_filecCrv)Nzcredential_cache_v1.json.lckrwr,rrrrnryzFileTokenCache.lock_filedict[str, dict[str, Any]]c Csd}dii}zz3t|tj}|js||dt|dtj}t|dtjt ||}t t |d}WnwtyN|j|dYndt jjyq}z|jd|d|jjWYd}~nEd}~wty}z|jd |d|jjWYd}~n$d}~wty}z|jd |d|WYd}~nd}~wwW|dkrt|n |dkrt|wwd|vst|dtsi|d<|S) Nrjrr/z not foundz+Failed to decode json read from cache file z: z,Failed to decode utf-8 read from cache file zFailed to read cache file )osopenrxO_RDONLYrh_ensure_permissionslseekSEEK_ENDSEEK_SETreadjsonloadscodecsdecodeFileNotFoundErrorr<rfdecoderJSONDecodeErrorr9 __class__r UnicodeErrorOSErrorclosertdict)r-fd json_datasizedatarrrrrrosH   (  zFileTokenCache._read_cache_filerrc Csd}|jd|zFz4t|tjtjBtjBd}|js(| |dt |t t |d|WW|dkrBt|SStyS}ztd|d}~ww|dkr^t|ww)Nr{zWriting cache file r|r/rzFailed to write cache file)r<rfrxr}r~O_WRONLYO_CREATO_TRUNCrhrwriterr4rdumpsrrr`)r-rrrrrrrrps(    z FileTokenCache._write_cache_file Path | NonecsPd fdd fd d fd d fd d g}|D] }|}|r%|SqdS)Nenv_varr#subpath_segments list[str]r'rc st|}|durtd|ddSt|}t|dkra|s/tdt|ddS|s@tdt|ddS|ddD] }||}|j dd d qF||d}|j dd d z t ||WSt y}zt d t|d |dWYd}~dSd}~ww)NzEnvironment variable z0 not set. Skipping it in cache directory lookup.rzPath z7 does not exist. Skipping it in cache directory lookup.z; is not a directory. Skipping it in cache directory lookup.r{Ti)exist_okmodez&Cache directory validation failed for z due to error 'z)'. Skipping it in cache directory lookup.)r}getenvr<rfrr)existsr#is_dirmkdirrFrmrYr@)rrenv_val directorysubpathrrrbrrlookup_env_dir"sF    z5FileTokenCache.find_cache_dir..lookup_env_dircs dgS)N!SF_TEMPORARY_CREDENTIAL_CACHE_DIRrrrrrLs z/FileTokenCache.find_cache_dir..cs ddgS)NXDG_CACHE_HOME snowflakerrrrrrMs csdddgS)NHOMEz.cacherrrrrrrNs)rr#rrr'rr)rBlookup_functionslfrgr)rrBrrc s *  zFileTokenCache.find_cache_dircCszO|}|dur tdt|jstd|d|sJt|j}|dkr3td|d|ddt}|j |krMt d|d|d |j WdSWdSt y^td|d w) NzCache dir was not foundz Cache dir z is not a directoryr has incorrect permissions. oz != 0700 has incorrect owner.  != z was not found. Failed to stat.) statr\S_ISDIRst_moder]S_IMODEr[r}geteuidst_uidrZr)rgrBstatinfo permissionseuidrrrrmXs0     z!FileTokenCache.validate_cache_dirrintrcCszabcrr dataclassesrenumrpathlibrtypingrr compatr r r file_lockrroptionsrrrerr<rrrrr"r@rArYrZr[r\r]r^r_r`rFrErDrrrrsH      0y6